Less than a third prepared for security attacks on IoT devices
September 1, 2016
Less than a third of information security professionals believe their organisations are prepared for dealing with security risks caused by IoT devices, according to a survey at last month’s Black Hat conference in Las Vegas.
Oregon-based security company Tripwire asked more than 220 information security professionals at the conference whether their organisations were prepared for the security risks associated with IoT devices, and only 30 per cent said yes. In addition, only 34 per cent believed their organisations accurately tracked the number of IoT devices on their networks.
According to Cisco, the number of connected devices is projected to increase to over 50 billion by 2020. Despite their popularity, IoT devices present significant and unique security risks to consumers and businesses. For example, Arbor Networks recently reported that distributed denial of service attacks have grown in size and frequency due in part to the rising number of connected devices.
“The internet of things presents a clear weak spot for an increasing number of information security organisations,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “As an industry, we need to address the security basics with the growing number of IoT devices in corporate networks. By ensuring these devices are securely configured, patched for vulnerabilities and being monitored consistently, we will go a long way in limiting the risks introduced.”
The survey also found that 78 per cent were concerned about the weaponisation of IoT devices in the use of DDoS attacks. Nearly half (47 per cent) expected the number of IoT devices on their networks to increase by at least 30 per cent in 2017. Only 11 per cent considered DDoS attacks one of the top two security threats their organisations faced.
“It wasn't so long ago that home computer zombie armies were the weapon of choice for a lot of cyber attacks and denial of service attacks,” said Dwayne Melancon, chief technology officer for Tripwire. “It seems that security professionals see IoT devices as a sort of zombie appliance army that’s worthy of great concern. That makes sense, since many of the current crop of IoT devices were created with low cost as a priority over security, making them easy targets. The large number of easily compromised devices will require a new approach if we are to secure our critical networks. Organisations must respond with low-cost, automated and highly resilient methods to successfully manage the security risk of these devices at scale.”
Tripwire provides endpoint detection and response, security, compliance and IT operations for enterprises, service providers and government organisations.